1 / 17

Got Citrix? Hack IT!

Got Citrix? Hack IT!. Shanit Gupta February 16, 2008. Who Am I?. Senior Security Consultant – Foundstone Professional Services Code Review / Threat Modeling / Application Security Masters from Carnegie Mellon. Agenda. Background Demo 1: Kiosk Mode Demo 2: Unauthenticated Access

tavi
Download Presentation

Got Citrix? Hack IT!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Got Citrix? Hack IT! Shanit Gupta February 16, 2008

  2. Who Am I? • Senior Security Consultant – Foundstone Professional Services • Code Review / Threat Modeling / Application Security • Masters from Carnegie Mellon

  3. Agenda • Background • Demo 1: Kiosk Mode • Demo 2: Unauthenticated Access • Demo 3: (Un)Hidden Hotkeys • Demo 4: Restricted Desktop Access • Demo 5: Attack Microsoft Office • Remediation Measures

  4. What / How do I know about Citrix?

  5. False Sense of Security

  6. Demo1: Kiosk Mode

  7. Demo1: Kiosk Mode (Attack Vectors) • Ctrl + h – View History • Ctrl + n – New Browser • Shift + Left Click – New Browser • Ctrl + o – Internet Address (browse feature) • Ctrl + p – Print (to file) • Right Click (Shift + F10) • Save Image As • View Source • F1 – Jump to URL… • Browse to http://download.insecure.org/nmap/dist/nmap-4.53-setup.exe

  8. I Hope You Are Patching  *Source: http://secunia.com

  9. Demo 2: Unauthenticated Access • 9 publicly accessible exploits 2007 – 08 • Particularly interesting • Citrix Presentation Server IMA Service Buffer Overflow Vulnerability • Social Engineering: Malicious ICA files

  10. Demo 2: Unauthenticated Access • Good Old Brute Force • One account is all you need • I am sure you are using 2 factor authentication ;-)

  11. Demo3: (Un)Hidden Hotkeys • SHIFT+F1: Local Task List • SHIFT+F2: Toggle Title Bar • SHIFT+F3: Close Remote Application • CTRL+F1: Displays Windows Security Desktop – Ctrl+Alt+Del • CTRL+F2: Remote Task List • CTRL+F3: Remote Task Manager – Ctrl+Shift+ESC • ALT+F2: Cycle through programs • ALT+PLUS: Alt+TAB • ALT+MINUS: ALT+SHIFT+TAB

  12. Demo4: Restricted Desktop

  13. Demo4: Restricted Desktop • Shortcut to C:\ • Create Batch File • CMD.exe • Host Scripting File (filename.vbs) • Set objApp = CreateObject("WScript.Shell") • objApp.Run “CMD C:\“

  14. Demo5: Attack Microsoft Office • File->Save As • Browse Files and Launch CMD.exe • Press F1 • Search Microsoft • Click Suites Home Page • Macros • Remote Shell • Privilege Escalation

  15. Remediation Strategies • 1300 different registry settings • It is HARD!

  16. Remediation Strategies • Lock Down Tools • Commercial • Freeware • http://updates.zdnet.com/tags/lockdown.html

  17. Questions or Concerns?

More Related